What is claimed is: 

1. A method for use in a public-key encryption system, the 
encryption system having an encryption block encrypting a 
5 plaintext m of a length of k Q to output a ciphertext (a,j3) 
and a decryption block for decrypting the ciphertext (a,fi) to 
provide the plaintext m , comprising the steps of: 

(a) choosing variables p , q and g as public-key 
parameters, wherein p is a large prime number of length k, 

10 q is a large prime number dividing p-l and g is a generator 
for a multiplicative group Z* , wherein Z* = {g° , g l , g 2 ■ ; g q ' ] } ; 

(b) choosing and publishing a first hash function H , 
H : {0, 1 } k — » Z g , providing security against an adaptive- 
chosen-ciphertext-attack and a second hash function G , 

15 G : Z* — > {0, 1} A , providing security under a computational 
Dif f ie-Hellman assumption; 

(c) choosing and storing a secret key x satisfying 
xeZ cl based on the chosen public-key parameters p , q and g- 
and generating a public key X ( X = g x ) , thereby publishing 

20 the public-key parameters p r q and g and the public key X; 

(d) encrypting the plaintext m by using the public 
key X , thereby generating the ciphertext (a, ft); 

(e) verifying whether the ciphertext (cc,ft) is valid or 
not; and 

25 (f) if the ciphertext {a,fi) is verified to be valid, 

decrypting the ciphertext (a,j3) by using the secret key x to 



- 15 - 



recover the plaintext m . 



2. The method of claim 1, wherein the ciphertext {a,/3) is 
defined as: 

5 

(a,j3)= ( g H[mV) , G ( X H{mlr) mod p)® { m\r ) ) 

where r is a random string of a length k x with k 0 + k x = k . 

10 3. The method of claim 2, wherein the verifying step (e) 
includes the step of (el) computing t = g{cc x )© J3 and 
determining whether a of the ciphertext (<x,ft) is identical to 
g H{t) or not. 

15 4. The method of claim 3, wherein the decrypting step (f) 
includes the step of removing the random number r from t to 
thereby recover the plaintext m . 

5. The method of claim 2, wherein the exponentiation 
20 operation is replaced by addition operation over elliptic 
curve group. 
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